Many mobile devices, such as cellular telephones, personal digital assistants (PDAs), and other handheld computing and communicating devices, currently perform numerous and complex functions. Such a mobile device may occasionally require resetting of at least a portion of the software used thereon to a known prior state in order to avoid current or potential problems. Typically, a mobile device comprises a reset switch, or other equivalent means known in the art, which a user can actuate in order to initiate a reset process.
It has been observed that some existing ASIC processors for mobile devices may be breached through their serial port line after a reset process has been initiated. An external reset switch typically controls a reset circuit in the mobile device. When the reset switch is actuated, the reset circuit closes, sending a signal, or reset command, to the ASIC to reset. When the reset switch is released and the reset circuit opens, instructions stored in internal BootROM are executed and the BootROM instructs the ASIC to poll a serial port, which can be connected to a personal computer, for activity.
If there is serial port activity, this usually indicates that there is new code to be downloaded. This new code may be stored in memory on a personal computer, or may be transmitted via the personal computer from another source and may comprise, for example, a new version of code to be executed in the mobile device. Typically, program code in the BootROM will jump to a routine for downloading the new code via the serial port into internal SRAM. Once downloading is complete, the program code in BootROM will jump to the beginning of the downloaded new code and begin to execute the downloaded new code. This downloaded new code typically has complete access to other components in the mobile device, such as FLASH memory, in terms of instructions and commands that are permitted. This constitutes a potential security risk, since it can allow anyone to provide new code at the serial port that, once executed, can access and upload programs and data stored in the mobile device's FLASH memory, including confidential and proprietary information. Such access would constitute a security breach.
It is therefore desirable to provide a security feature in order to reduce the likelihood of occurrence of such a breach.